Login
      Back to home
      1. Actionable Knowledge Base
      2. Platform Access & Security
      3. Login

      How to set up Single Sign-On with Actionable

      Looking to integrate Single Sign-On into Actionable? This article outlines how to integrate SSO to your platform with Google Workspace and MiniOrange.

      Article Quick Links:

      Setting up Single Sign-On with Mini-Orange

      Prerequisites

      1. You must already have an account set up with MiniOrange.  

      2. The client account you’d like to connect in Actionable must have the Single Sign-On feature enabled. Please contact connect@actionable.co to have it enabled.

      Step 1: MiniOrange Setup

      The following are the steps to add Actionable as an application in MiniOrange.  IMPORTANT: In Step 6, each of the Actionable URLs need to have <client> replaced with the domain name assigned to this client in the Actionable platform.

      1. Login to your MiniOrange admin account

      2. Click on “Apps” in the sidebar 

      3. Click on the “Add Application” button 

      4. Choose “SAML / WS-FED” as your Application Type

      5. Choose “Custom SAML App” as the application.  It’s quicker to find this by searching for it. 

      6. Configure the settings for the new app:

        1. Basic tab:

          1. Change the Custom Application Name to “Actionable” or however you’ve branded the Actionable Platform to this client. 

          2. Set the “SP Entity ID or Issuer” to https://<client>.actionable.co/saml2/sso/metadata 

          3. Set the “ACS URL” to https://<client>.actionable.co/saml2/sso/login?sso 

          4. Set the “Audience URI” to https://<client>.actionable.co/saml2/sso/metadata 

          5. Set the “Single Logout URL” to https://<client>.actionable.co/saml2/sso/sls 

          6. Enable “Sign Response”

          7. Disable “Sign Assertion”

        2. Attribute Mapping tab:

          1. Set the “Name ID” to “E-Mail Address”

          2. Set the “Name ID Format” to “SAML:1.1:nameid-format:unspecified”

          3. Add 3 custom attributes:

            1. Attribute Name: “FirstName” with Attribute Value “First Name”

            2. Attribute Name: “LastName” with Attribute Value “Last Name”

            3. Attribute Name “Email” with Attribute Value “E-Mail Address”

          4. (optional) Add custom profile attributes for fields you want the SSO to send to Actionable. This is useful for pre-populating report filters with demographic information about participants.

        3. Login Policy tab:

          1. (optional) Change settings to your preference

        4. Advanced Settings tab: 

          1. Set the “Logout Response Binding” to “HTTP Redirect”

          2. Set the “Idp Initiated Logout Request Binding” to “HTTP POST

        5. Click the “Save” button.

      Step 2: Actionable Setup

      If you’re an Actionable Consultant, the SSO Settings tab will be found in Client dashboard.

      If you’re a client Administrator, the SSO Settings can be found by clicking on “My Organization” from the sidebar, and then on the “SSO Settings” tab.

      1. In the “SAML 2.0 Audience ID / Entity ID of the IDP” field type “https://<client>.actionable.co/saml2/sso/metadata“, but replace <client> with the subdomain for the current client.

      2. In the “SAML SSO Endpoint” field, enter the value from the MiniOrange Metadata

      3. In the “SAML Single Logout Endpoint” field, enter the value from the MiniOrange Metadata

      4. In the “SAML 2.0 X.509 Certificate” field, enter the value from the MiniOrange Metadata

      5. Leave the “SAML 2.0 Private Key” field empty.

      6. Click on the “Enable SAML Authentication” button at the bottom of the screen. A green box will appear at the top of the screen with a “Disable SSO” button. This means that this client is now set up configured for SSO Authentication.

      Step 3: Test Integration

      1. Go to https://<client>.actionable.co/ (replace <client> with the client’s domain). You should see a login screen that tells you you have to use Single Sign-On.

      2. Click on the “Log In” button. You’ll be redirected to your IDP Provider’s login page if you’re not already logged in.

      3. Login to your single sign-on account. You should be redirected back to the Actionable platform.

      4. Go to the Account Settings page (top right-hand menu). Confirm that your first name, last name and email address are correct. (You should test this from an account that has not yet been in Actionable)

      Setting up Single Sign-On

      Prerequisites

      1. You must already have an account set up with Google Workspace and have administrator rights on that domain.  
      2. The client account you’d like to connect in Actionable must have the Single Sign-On feature enabled. Please contact connect@actionable.co to have it enabled.

      Step 1: Google Workspace Setup

      The following are the steps to add Actionable as a Custom SAML App in Google Workspace.  IMPORTANT: In Step 4C, each of the Actionable URLs need to have <client> replaced with the domain name assigned to this client in the Actionable platform.

      1. Login to your Google Workspace admin account

      2. Click on “Apps → Web and mobile apps” in the sidebar 

      3. Click on the “Add App” button, and choose “Custom SAML App” from the dropdown. 

      4. Configure the settings for the new app:

        1. App Details tab:

          1. Change the App Name to “Actionable” or however you’ve branded the Actionable Platform to this client.

          2. Optionally upload a logo.

          3. Click the “Next” button

        2. Google Identity Provider details tab:

          1. Copy the following values, you’ll need them later:

            1. SSO URL

            2. Entity ID

            3. Certificate

          2. Click the “Next” button

        3. Service Provider Details tab:

          1. Set the “ACS URL” to https://<client>.actionable.co/saml2/sso/acs?sso 

          2. Set the “Entity ID ” to https://<client>.actionable.co/saml2/sso/metadata 

          3. Leave the Start URL blank

          4. Do not sign the response

          5. Name ID Format should be UNSPECIFIED

          6. Name ID should be “Basic Information > Personal Email”

          7. Click the “Next” button

        4. Attribute Mapping tab:

          1. Add 3 custom attributes:

            1. App Attribute Name: “FirstName” with Google Attribute Name “First Name”

            2. App Attribute Name: “LastName” with Google Attribute Value “Last Name”

            3. App Attribute Name “Email” with Google Attribute Value “Primary E-Mail”

          2. (optional) Add custom profile attributes for fields you want the SSO to send to Actionable. This is useful for pre-populating report filters with demographic information about participants.

        5. Click the “Finish” button.

        6. Under “User Access” you can turn the application ON for everyone so that they can access the Actionable platform, or you can restrict access to certain users in your organization.

      Step 2: Actionable Setup

      If you’re an Actionable Consultant, the SSO Settings tab will be found in Client dashboard.

      If you’re a client Administrator, the SSO Settings can be found by clicking on “My Organization” from the sidebar, and then on the “SSO Settings” tab.

      1. In the “SAML 2.0 Audience ID / Entity ID of the IDP” field type enter the Entity ID that you received from Google in the steps above.

      2. In the “SAML SSO Endpoint” field, enter the SSO URL that you received from Google in the steps above.

      3. Leave the “SAML Single Logout Endpoint” field empty.

      4. In the “SAML 2.0 X.509 Certificate” field, enter the certificate value that you received from Google in the steps above.

      5. Leave the “SAML 2.0 Private Key” field empty.
      6. Click on the “Enable SAML Authentication” button at the bottom of the screen. A green box will appear at the top of the screen with a “Disable SSO” button. This means that this client is now set up configured for SSO Authentication.

      Step 3: Test Integration

      1. Go to https://<client>.actionable.co/ (replace <client> with the client’s domain). You should see a login screen that tells you you have to use Single Sign-On.

      2. Click on the “Log In” button. You’ll be redirected to the Google login page if you’re not already logged in.

      3. Login to your single sign-on account. You should be redirected back to the Actionable platform.

      4. Go to the Account Settings page (top right-hand menu). Confirm that your first name, last name and email address are correct. (You should test this from an account that has not yet been in Actionable).

      Questions

      If you have any questions, please contact Actionable’s technical support team at help@actionable.co